A number of online security research firms have linked the cyber attack on French president-elect Emmanuel Macron’s campaign to the Russian-affiliated group that had been blamed for hacking into the United States’ Democratic Party before the US presidential election, The Guardian reported on Monday.

Thousands of emails, accounting documents and other files had been released online overnight on Friday. The chief of Macron’s digital team, Mounir Mahjoubi, had said that “five entire mailboxes” had been “stolen” in the hacking, including several personal Gmail mailboxes. His team had compared the cyber attack to the one on the Democratic campaign.

According to intelligence acquired by New York-based Flashpoint and Trend Micro from Tokyo, the Russian hacking group was responsible for the breach. It is recognised variously as Fancy Bear, Pawn Storm and Advanced Persistent Threat 28. The outfit has been linked with the Russian military intelligence directorate, GRU.

“If indeed driven by Moscow, this leak appears to be a significant escalation over the previous Russian operations aimed at the US presidential election, expanding the approach and scope of effort from simple espionage efforts towards more direct attempts to sway the outcome,” said Flashpoint’s Vitali Kremez.

Another information security firm, Proofpoint, said there was evidence to prove that the attack on Macron’s En Marche! movement had Russian connections.

Independent centrist Macron won Sunday’s election against far-right candidate Marine Le Pen with 66% of the votes. He will take over as the French president on May 14.